Doina.32099 (file analysis)

Malware Removal

Doina.32099 is classified as dangerous by many security vendors (see the detection list below). While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it can run a complete scan and clean the PC during the trial period.
6-day free trial available.

What can the Doina.32099 virus do?

These are the behaviour signatures raised when the sample was run in the CAPE sandbox (the storage path under File Info is a CAPEv2 path):
  • Dynamic (imported) function loading detected.
  • Performs HTTP requests potentially not found in the PCAP.
  • HTTPS URLs observed in behaviour.
  • The binary contains an unknown PE section name, indicative of packing.
  • Authenticode signature is invalid.
  • Attempts to modify proxy settings.

How to identify Doina.32099?

File Info:

name: E9BFFEBA407EEE7DAB86.mlw
path: /opt/CAPEv2/storage/binaries/1e36c23a584ec96219f2d5840d4753ccc53f44001068469fbaa5bd4b0e8de19e
crc32: AAF25760
md5: e9bffeba407eee7dab8600b5ee62b731
sha1: 9fb1ccde28b81d051342cdfef9e09fef04ed804f
sha256: 1e36c23a584ec96219f2d5840d4753ccc53f44001068469fbaa5bd4b0e8de19e
sha512: 15c68a7538a1454a808eab9b6c048e402e851af3e6b8857ce45726d874a63c596446c7b5a33db85aed7fba246ce1c39207c9fbaf1ff3ab8e76153d346f4dbe30
ssdeep: 768:Q+nA9JX0XVYRzKJkMl+ew5xX1f23giC7obsUnb0/j5D/T:FwJX0YzKiM9wxX1e3giKUWDL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11413E7241F93EDE7C9248AF10D6627A0D3F7E67216B109E36F6811741E31B81B7326DA
sha3_384: ae0c2f06209197705226e8459f1d62e5be7d0b2bacec9f54f266088ed20578a2fab48129b4774fdd2b6397ccd570b2fd
ep_bytes: 558bec535657bb00a0400066f705fa57
timestamp: 1970-01-01 03:25:45 (a build time this close to the Unix epoch cannot be genuine; the PE TimeDateStamp was zeroed or forged, which is itself an indicator)
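The following is an added example of my own, not code from the page or from GridinSoft, showing how an analyst can reproduce the File Info indicators and two of the sandbox's static checks with nothing but the Python standard library: it hashes the file and compares against the published md5/sha256, reads the COFF TimeDateStamp, lists PE section names that are not standard linker names (the "unknown PE section name" signature), and extracts the 16 bytes at the entry point (CAPE's ep_bytes). Since the real sample cannot be shipped on a page, the block constructs a minimal stand-in PE32 whose headers carry the page's ep_bytes and a TimeDateStamp of 12345 (which is what 1970-01-01 03:25:45 corresponds to if the sandbox printed UTC); the section name kk07, the known-section list and the 1995 build-time cutoff are assumptions of this example.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names a normal linker emits (assumed list); anything else is what
# sandboxes mean by "unknown PE section name", a common packing indicator.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".textbss"}

# Assumed cutoff: a Win32 PE cannot genuinely have been built before 1995,
# so a TimeDateStamp below this was zeroed or forged.
EARLIEST_PLAUSIBLE_BUILD = 800_000_000   # 1995-05-09 UTC

# Hashes copied from the File Info block above.
PUBLISHED = {"md5": "e9bffeba407eee7dab8600b5ee62b731",
             "sha256": "1e36c23a584ec96219f2d5840d4753ccc53f44001068469fbaa5bd4b0e8de19e"}


def parse_pe32(buf):
    """Parse only the PE32 headers needed for triage; raises on non-PE input."""
    if buf[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic != 0x10B:
        raise ValueError("not PE32 (magic 0x%x)" % magic)
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i                     # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, raw = struct.unpack_from("<8sIIII", buf, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize, "raw": raw})
    return {"machine": machine, "timestamp": timestamp,
            "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table (None if unmapped)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            return s["raw"] + (rva - s["vaddr"])
    return None


def triage(buf):
    """Return File Info style indicators plus the header checks and hash matches."""
    pe = parse_pe32(buf)
    ep_off = rva_to_offset(pe["sections"], pe["entry_rva"])
    md5, sha256 = hashlib.md5(buf).hexdigest(), hashlib.sha256(buf).hexdigest()
    return {
        "md5": md5,
        "sha256": sha256,
        "matches_published": {"md5": md5 == PUBLISHED["md5"],
                              "sha256": sha256 == PUBLISHED["sha256"]},
        "timestamp": pe["timestamp"],
        "timestamp_utc": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
                                 .strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_suspicious": pe["timestamp"] < EARLIEST_PLAUSIBLE_BUILD,
        "ep_bytes": buf[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "unknown_sections": [s["name"] for s in pe["sections"]
                             if s["name"] not in KNOWN_SECTIONS],
    }


def build_sample():
    """Constructed stand-in for the real sample (not reproduced here): a PE32 with
    two sections, a forged TimeDateStamp of 12345 and the page's ep_bytes at the
    entry point. It only has headers the parser reads; it is not a runnable program."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 12345, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 0x200, 0x100, 0, 0x1000).ljust(0xE0, b"\0")

    def sect(name, vsize, vaddr, rsize, raw, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, raw, 0, 0, 0, 0, flags)

    hdr = bytes(dos) + b"PE\0\0" + coff + opt
    hdr += sect(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020)
    hdr += sect(b"kk07", 0x100, 0x2000, 0x100, 0x400, 0xE0000040)   # made-up section name
    text = bytes.fromhex("558bec535657bb00a0400066f705fa57").ljust(0x200, b"\xcc")
    return hdr.ljust(0x200, b"\0") + text + bytes(0x100)
```

On a real file, call `triage(open(path, "rb").read())`; a sha256 match against the published value settles identification, while an unknown section name or an epoch-era timestamp only tells you the binary was tampered with and deserves a sandbox run.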

Version Info:

[No Data]

Doina.32099 also known as (vendor: detection name). Most vendors classify the file as a generic trojan downloader; a few attach family names (Downadup, Zbot, Bifrost/Bifrose) that do not agree with each other, so the family attribution should not be taken as settled:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Doina.32099
FireEye: Gen:Variant.Doina.32099
McAfee: Artemis!E9BFFEBA407E
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Trojan-Downloader ( 0055e3da1 )
Alibaba: TrojanDownloader:Win32/Downadup.9919a9a9
K7GW: Trojan-Downloader ( 0055e3da1 )
Cybereason: malicious.a407ee
VirIT: Trojan.Win32.Generic.EUM
Symantec: Downloader
ESET-NOD32: a variant of Win32/TrojanDownloader.Small.PGJ
APEX: Malicious
ClamAV: Win.Trojan.Downloader-39232
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Doina.32099
NANO-Antivirus: Trojan.Win32.Drop.jrbkc
Avast: Win32:Small-HUBM [Trj]
Tencent: Win32.Trojan.Generic.Amwd
Ad-Aware: Gen:Variant.Doina.32099
TACHYON: Trojan/W32.Small.45056.AKE
Emsisoft: Gen:Variant.Doina.32099 (B)
Comodo: Malware@#2bc94pd1bfkfu
DrWeb: BackDoor.Bifrost.24810
Zillya: Downloader.Genome.Win32.36217
TrendMicro: TROJ_FRS.0NA103BL20
McAfee-GW-Edition: BehavesLike.Win32.Downloader.pm
Sophos: Mal/Generic-S
Ikarus: Worm.Win32.Downadup
GData: Gen:Variant.Doina.32099
Jiangmin: TrojanDownloader.Genome.stc
Webroot: W32.Malware.Gen
Avira: TR/Dldr.Agent.alq.9
Antiy-AVL: Trojan/Generic.ASMalwS.3CC46A
Kingsoft: Win32.TrojDownloader.Genome.ct.(kcloud)
Gridinsoft: Ransom.Win32.Zbot.sa
Arcabit: Trojan.Doina.D7D63
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!ml
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Doina.32099
MAX: malware (ai score=100)
VBA32: Backdoor.Bifrose
Malwarebytes: Malware.AI.3632266106
TrendMicro-HouseCall: TROJ_FRS.0NA103BL20
Rising: Downloader.Small!8.B41 (CLOUD)
Yandex: Trojan.DL.Genome!MQ1RXEefI20
Fortinet: W32/Generic.AC.2AD347!tr
AVG: Win32:Small-HUBM [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.2889926.susgen

How to remove Doina.32099?

Doina.32099 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart the computer.

Because this sample attempts to modify proxy settings, check after the restart that no proxy you did not configure is still set in the system and browser connection settings.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.